search cancel

CVE-2021-3711, CVE-2022-1292, CVE-2022-2068 - Service Virtualization (DevTest) Images

book

Article ID: 254150

calendar_today

Updated On:

Products

Service Virtualization CA Application Test CA Continuous Application Insight (PathFinder)

Issue/Introduction

OpenSSL Vulnerabilities (CVE-2021-3711, CVE-2022-1292, CVE-2022-2068)

Environment

DevTest 10.6.x and 10.7.x images

All the other DevTest installers are not impacted.

Cause

Third Party Vulnerability

Resolution

The latest Docker images with the vulnerability fixes are hosted at sv-docker.packages.broadcom.com/sv

Below are the details:

DevTest Version

Image

Tag

10.6.4

config-server

0.0.5.7

10.6.4

lisa

10.6.4.103

10.6.4

portal

10.6.4.90

10.6.4

virtual-service-catalog

1.7.5.32

10.6.4

iaam

1.4.1.13

 

 

 

10.7.0

config-server

0.0.6.21

10.7.0

lisa

10.7.0.170

10.7.0

portal

10.7.0.71

10.7.0

virtual-service-catalog

1.7.6.44

10.7.0

iaam

1.4.2.80

 

 

 

10.7.2

config-server

0.0.7.26

10.7.2

lisa

10.7.2.375

10.7.2

portal

10.7.2.307

10.7.2

virtual-service-catalog

1.7.8.57

10.7.2

iaam

1.4.5.671

 

 

 

10.7.2-nginx

config-server

0.0.7.26

10.7.2-nginx

lisa

10.7.2.374.10

10.7.2-nginx

portal

10.7.2.306.7

10.7.2-nginx

virtual-service-catalog

1.7.8.57

10.7.2-nginx

iaam

1.4.5.671

 

NOTE: 10.6.0 to 10.6.3 users are recommended to upgrade to the latest version (10.7.2) as the vulnerability fix is not yet available in the vendor’s base image repositories.